Reputation: 107
For my application I have a trusted server certificate and I want to access the certificate information in my code. My purpose is to check whether the URL hostname and the certificate hostname match or not. If they match, then I will make the connection; otherwise I will throw an error.
Upvotes: 1
Views: 1359
Reputation:
You use the NSURLConnectionDelegate methods -connection:canAuthenticateAgainstProtectionSpace: and -connection:didReceiveAuthenticationChallenge: to receive an authentication challenge in the server trust protection space. That's where you get the opportunity to inspect the certificate.
Don't just check that the hostname matches! Anyone could issue themselves with a certificate for any server, and there have even been certificates issued for *.*.com and similar wildcards. You need to decide whether you trust the identity that was issued with the certificate: that's why it's called server trust authentication.
how can I trust the identity that was issued with the certificate
You need to evaluate the server trust. What your policy is for trusting certificates is not something I'd like to predict, but how you use the API to evaluate the trust is covered in Apple's Certificate, Key and Trust Services programming guide.
and how can I access some of the information within the certificate
The available APIs are documented in the Certificate, Key and Trust Services reference. Notice that there aren't many options on iOS for extracting data from the certificate - certainly not as many as there are on the Mac.
Upvotes: 1
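The flow described in the answer above, as an added example that is not part of the original post: the two delegate methods evaluate the server trust against an SSL policy bound to the requested host, so the hostname check happens as part of chain validation rather than instead of it. The class name `TrustCheckingDelegate` is hypothetical, ARC is assumed, and the accept/reject policy (system trust store only) is an assumption you would replace with your own.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical delegate class; only the two methods named in the answer are shown.
@interface TrustCheckingDelegate : NSObject <NSURLConnectionDelegate>
@end

@implementation TrustCheckingDelegate
- (BOOL)connection:(NSURLConnection *)connection
canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)space {
    // Ask to be consulted for server trust challenges only; others get default handling.
    return [space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}

- (void)connection:(NSURLConnection *)connection
didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    SecTrustRef trust = space.serverTrust;
    if (trust == NULL) {
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }

    // SSL server policy for the host we asked for: chain validation plus hostname match.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)space.host);
    OSStatus status = SecTrustSetPolicies(trust, policy);
    CFRelease(policy);

    // SecTrustEvaluate is the NSURLConnection-era call; newer SDKs deprecate it
    // in favour of SecTrustEvaluateWithError.
    SecTrustResultType result = kSecTrustResultInvalid;
    if (status == errSecSuccess) status = SecTrustEvaluate(trust, &result);
    BOOL trusted = (status == errSecSuccess) &&
        (result == kSecTrustResultProceed || result == kSecTrustResultUnspecified);

    // Read-only look at the leaf certificate; informational, not a trust decision.
    if (SecTrustGetCertificateCount(trust) > 0) {
        SecCertificateRef leaf = SecTrustGetCertificateAtIndex(trust, 0);
        NSString *summary = CFBridgingRelease(SecCertificateCopySubjectSummary(leaf));
        NSLog(@"Leaf subject summary: %@ (trusted: %d)", summary, trusted);
    }

    if (trusted) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:trust]
             forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }
}
@end
```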